A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition. Memory usage can be monitored through the use of the 'show task memory detail' command. For example: user@junos> show task memory detail | match ted-infra   TED-INFRA-COOKIE           25   1072     28   1184     229 user@junos> show task memory detail | match ted-infra   TED-INFRA-COOKIE           31   1360     34   1472     307 This issue affects: Junos OS:  * from 23.2 before 23.2R2,  * from 23.4 before 23.4R1-S2, 23.4R2,  * from 24.1 before 24.1R2;  Junos OS Evolved:  * from 23.2 before 23.2R2-EVO,  * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO,  * from 24.1 before 24.1R2-EVO. This issue does not affect Junos OS versions before 23.2R1 or Junos OS Evolved versions before 23.2R1-EVO.

• https://kb.juniper.net/JSA106008
• https://supportportal.juniper.net/JSA106008

• Juniper » Junos » Version: 23.2
  cpe:2.3:o:juniper:junos:23.2
• Juniper » Junos » Version: 23.4
  cpe:2.3:o:juniper:junos:23.4
• Juniper » Junos » Version: 24.1
  cpe:2.3:o:juniper:junos:24.1
• Juniper » Junos Os Evolved » Version: 23.2
  cpe:2.3:o:juniper:junos_os_evolved:23.2
• Juniper » Junos Os Evolved » Version: 23.4
  cpe:2.3:o:juniper:junos_os_evolved:23.4
• Juniper » Junos Os Evolved » Version: 24.1
  cpe:2.3:o:juniper:junos_os_evolved:24.1